
Security News
Package Maintainers Call for Improvements to GitHub’s New npm Security Plan
Maintainers back GitHub’s npm security overhaul but raise concerns about CI/CD workflows, enterprise support, and token management.
@valueadd/ci
Advanced tools
npm install @valueadd/ci --save-optional
print-version
Print version based on package.json and git commit hash.
validate-branch <branch>
Check if branch is correctly named
validate-nx-tags
Check if all nx tags are valid.
validate-commit <branch>
Check if commit messages are correctly formatted.
prettier-check <files>
Check with prettier if files are correctly formatted.
build-affected [options]
Build affected apps.
Options:
--base <base>
- base commit or branch for finding affected apps
--buildFlags <buildFlags>
- build flags eg. --aot --build-optimizer=false
(default: "--aot --build-optimizer=false")
--head <head>
- head commit or branch for finding affected apps
--nodeFlags <nodeFlags>
- nodejs flags eg. --max-old-space-size=6144
(default: "")
--npmCommands <npmFlags>
- additional npm commands to run before build separated with &&
eg. build:ci:prepare && build:ci:notify
(default: "")
Create ci.json5
file in repository with the following content:
{
branch: {
types: ['feature', 'bugfix', 'hotfix', 'release', 'refactor'], // types of branches
pattern: '(.*)' // RegExp that overrides "types" (types are ignored)
},
commit: {
maxLength: 100, // max commit length
types: [
// available types in commits
'build',
'ci',
'docs',
'feat',
'fix',
'perf',
'refactor',
'release',
'style',
'test'
],
scopes: ['test', 'report', 'document'] // available scopes in commits
},
prettier: {
extensionsToCheck: ['.json', '.ts', '.js', '.html', '.css', '.scss'] // extensions to check with prettier
}
}
FAQs
CI scripts
We found that @valueadd/ci demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Maintainers back GitHub’s npm security overhaul but raise concerns about CI/CD workflows, enterprise support, and token management.
Product
Socket Firewall is a free tool that blocks malicious packages at install time, giving developers proactive protection against rising supply chain attacks.
Research
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.